This invention relates to a device and architecture for secure cryptography and key management.
Modern cryptography offers a variety of schemes for the protection of information at-rest on devices and in-transit among devices. A cryptographic scheme typically “scrambles” or “unscrambles” information using a data-permutation algorithm and a short cryptographic key. The security of the scheme depends on the properties of the algorithm and the quality and secrecy of the key. Thus, cryptographic keys need to be created and managed carefully. In particular, keys need to be protected at-rest and in-transit, which itself calls for the use of various cryptographic schemes.
Hardware implementations of cryptographic functions may exist today, for example as FPGA cores. There may also be special-purpose solutions that are coupled with applications and may implement some form of specialized key management. For example, HAIPE (High Assurance Internet Protocol Encryptor) devices implement a protocol based on the Internet Protocol Security (IPSec) standard for establishing and securing Internet Protocol (IP) communication among devices.
Although many cryptographic schemes have been standardized and implemented efficiently in software and hardware, these solutions are not universally used or embedded in devices. In general, there are two main reasons for this:
a. The lack of generic, easy-to-deploy, and easy-to-use solutions for key management, and
b. The challenge of integrating various cryptographic and key management components into a holistically secure design.
While individual cryptographic components exist and may be known to be secure, there is no known “recipe” for integrating different components into secure designs that guarantee security of keys and other information, at-rest and in-transit. It is in such integration that major challenges exist and vulnerabilities are often introduced.